#!/usr/bin/python
import pprint
import subprocess
+from invirt.config import structs as config
# import ldap
# l = ldap.open("W92-130-LDAP-2.mit.edu")
pass
def getAfsGroupMembers(group, cell):
- p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell],
+ encrypt = True
+ for c in config.authz.afs.cells:
+ if c.cell == cell and hasattr(c, 'auth'):
+ encrypt = c.auth
+ if encrypt:
+ subprocess.check_call(['aklog', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ p = subprocess.Popen(["pts", "membership", "-encrypt" if encrypt else '-noauth', group, '-c', cell],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
err = p.stderr.read()
if err: #Error code doesn't reveal missing groups, but stderr does
+ if err.startswith('pts: Permission denied ; unable to get membership of '):
+ return []
raise AfsProcessError(err)
return [line.strip() for line in p.stdout.readlines()[1:]]
return p.stdout.read().split()[-1][1:-1]
def getLockerAcl(locker):
- try:
- p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if p.wait():
- raise AfsProcessError(p.stderr.read())
- except AfsProcessError, e:
- if e.message.startswith("fs: You don't have the required access rights on"):
- return []
- raise
+ p = subprocess.Popen(["fs", "listacl", getLockerPath(locker)],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ if p.wait():
+ raise AfsProcessError(p.stderr.read())
lines = p.stdout.readlines()
values = []
for line in lines[1:]:
projects / invirt/packages/invirt-web.git / blobdiff